CVE-2020-14496

Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and execute malicious programs, which could cause a denial-of-service condition, and allow information to be disclosed, tampered with, and/or destroyed.

CVSS v3 8.3 HIGH
CVSS v2.0 7.5 HIGH

8.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-02	Third Party Advisory US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-02	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mitsubishielectric:cpu_module_logging_configuration_tool::::::::
	cpe:2.3:a:mitsubishielectric:cw_configurator::::::::
	cpe:2.3:a:mitsubishielectric:data_transfer::::::::
	cpe:2.3:a:mitsubishielectric:em_configurator::::::::
	cpe:2.3:a:mitsubishielectric:ezsocket::::::::
	cpe:2.3:a:mitsubishielectric:fr_configurator2::::::::
	cpe:2.3:a:mitsubishielectric:gt_designer3::::::::
	cpe:2.3:a:mitsubishielectric:gt_softgot1000::::::::
	cpe:2.3:a:mitsubishielectric:gt_softgot2000::::::::
	cpe:2.3:a:mitsubishielectric:gx_logviewer::::::::
	cpe:2.3:a:mitsubishielectric:gx_works2::::::::
	cpe:2.3:a:mitsubishielectric:gx_works3::::::::
	cpe:2.3:a:mitsubishielectric:m_commdtm-hart::::::::
	cpe:2.3:a:mitsubishielectric:m_commdtm-io-link::::::::
	cpe:2.3:a:mitsubishielectric:melfa-works::::::::
	cpe:2.3:a:mitsubishielectric:melsoft_fielddeviceconfigurator::::::::
	cpe:2.3:a:mitsubishielectric:melsoft_navigator::::::::
	cpe:2.3:a:mitsubishielectric:mh11_settingtool_version2::::::::
	cpe:2.3:a:mitsubishielectric:motorizer::::::::
	cpe:2.3:a:mitsubishielectric:mr_configurator2::::::::
	cpe:2.3:a:mitsubishielectric:mt_works2::::::::
	cpe:2.3:a:mitsubishielectric:mx_component::::::::
	cpe:2.3:a:mitsubishielectric:network_interface_board_cc-link_ver.2_utility::::::::
	cpe:2.3:a:mitsubishielectric:network_interface_board_cc_ie_control_utility::::::::
	cpe:2.3:a:mitsubishielectric:network_interface_board_cc_ie_field_utility::::::::
	cpe:2.3:a:mitsubishielectric:network_interface_board_mneth_utility::::::::
	cpe:2.3:a:mitsubishielectric:px_developer::::::::
	cpe:2.3:a:mitsubishielectric:rt_toolbox2::::::::
	cpe:2.3:a:mitsubishielectric:rt_toolbox3::::::::

History

21 Nov 2024, 05:03

Type	Values Removed	Values Added
References	~~() https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-02 - Third Party Advisory, US Government Resource~~	() https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-02 - Third Party Advisory, US Government Resource
CVSS	v2 : ~~7.5~~ v3 : ~~9.8~~	v2 : 7.5 v3 : 8.3

Information

Published : 2022-05-19 18:15

Updated : 2024-11-21 05:03

NVD link : CVE-2020-14496

Mitre link : CVE-2020-14496

CVE.ORG link : CVE-2020-14496

JSON object : View

Products Affected

mitsubishielectric

mr_configurator2
melsoft_fielddeviceconfigurator
cpu_module_logging_configuration_tool
em_configurator
melfa-works
melsoft_navigator
gx_works2
gt_softgot1000
rt_toolbox3
network_interface_board_cc_ie_control_utility
mx_component
gt_softgot2000
ezsocket
gt_designer3
mh11_settingtool_version2
data_transfer
m_commdtm-hart
m_commdtm-io-link
cw_configurator
network_interface_board_cc-link_ver.2_utility
network_interface_board_cc_ie_field_utility
motorizer
px_developer
rt_toolbox2
gx_works3
fr_configurator2
network_interface_board_mneth_utility
gx_logviewer
mt_works2

CWE

CWE-275

Permission Issues

NVD-CWE-noinfo

8.3 /10